From 4d2918fc7eb3362974577e018e347bdb92fd8799 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:05:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2286.json | 140 +++---- 2007/2xxx/CVE-2007-2288.json | 150 +++---- 2007/2xxx/CVE-2007-2315.json | 150 +++---- 2007/2xxx/CVE-2007-2350.json | 160 ++++---- 2007/2xxx/CVE-2007-2489.json | 190 ++++----- 2007/3xxx/CVE-2007-3568.json | 160 ++++---- 2007/3xxx/CVE-2007-3621.json | 210 +++++----- 2007/3xxx/CVE-2007-3680.json | 200 +++++----- 2007/3xxx/CVE-2007-3827.json | 130 +++--- 2007/4xxx/CVE-2007-4011.json | 170 ++++---- 2007/4xxx/CVE-2007-4055.json | 160 ++++---- 2007/6xxx/CVE-2007-6015.json | 700 ++++++++++++++++----------------- 2007/6xxx/CVE-2007-6136.json | 160 ++++---- 2007/6xxx/CVE-2007-6761.json | 160 ++++---- 2010/1xxx/CVE-2010-1261.json | 160 ++++---- 2010/1xxx/CVE-2010-1572.json | 140 +++---- 2010/1xxx/CVE-2010-1839.json | 34 +- 2010/5xxx/CVE-2010-5087.json | 200 +++++----- 2010/5xxx/CVE-2010-5197.json | 130 +++--- 2010/5xxx/CVE-2010-5239.json | 130 +++--- 2014/0xxx/CVE-2014-0077.json | 180 ++++----- 2014/0xxx/CVE-2014-0294.json | 160 ++++---- 2014/1xxx/CVE-2014-1417.json | 34 +- 2014/1xxx/CVE-2014-1966.json | 130 +++--- 2014/5xxx/CVE-2014-5570.json | 140 +++---- 2015/2xxx/CVE-2015-2326.json | 34 +- 2015/2xxx/CVE-2015-2775.json | 230 +++++------ 2015/2xxx/CVE-2015-2989.json | 130 +++--- 2016/10xxx/CVE-2016-10173.json | 190 ++++----- 2016/10xxx/CVE-2016-10478.json | 132 +++---- 2016/3xxx/CVE-2016-3096.json | 240 +++++------ 2016/4xxx/CVE-2016-4675.json | 170 ++++---- 2016/4xxx/CVE-2016-4832.json | 140 +++---- 2016/4xxx/CVE-2016-4855.json | 150 +++---- 2016/8xxx/CVE-2016-8433.json | 130 +++--- 2016/8xxx/CVE-2016-8675.json | 150 +++---- 2016/9xxx/CVE-2016-9077.json | 152 +++---- 2016/9xxx/CVE-2016-9209.json | 130 +++--- 2016/9xxx/CVE-2016-9380.json | 170 ++++---- 2016/9xxx/CVE-2016-9649.json | 34 +- 2016/9xxx/CVE-2016-9677.json | 140 +++---- 2019/2xxx/CVE-2019-2009.json | 34 +- 2019/2xxx/CVE-2019-2207.json | 34 +- 2019/2xxx/CVE-2019-2501.json | 140 +++---- 2019/2xxx/CVE-2019-2581.json | 34 +- 2019/3xxx/CVE-2019-3073.json | 34 +- 2019/6xxx/CVE-2019-6037.json | 34 +- 2019/6xxx/CVE-2019-6102.json | 34 +- 2019/6xxx/CVE-2019-6845.json | 34 +- 2019/6xxx/CVE-2019-6889.json | 34 +- 2019/7xxx/CVE-2019-7477.json | 34 +- 2019/7xxx/CVE-2019-7478.json | 34 +- 2019/7xxx/CVE-2019-7693.json | 130 +++--- 2019/7xxx/CVE-2019-7721.json | 120 +++--- 2019/7xxx/CVE-2019-7750.json | 34 +- 55 files changed, 3682 insertions(+), 3682 deletions(-) diff --git a/2007/2xxx/CVE-2007-2286.json b/2007/2xxx/CVE-2007-2286.json index c771303f540..b0c516baf2e 100644 --- a/2007/2xxx/CVE-2007-2286.json +++ b/2007/2xxx/CVE-2007-2286.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 Built2Go_PHP_Link_Portal_v1.79 >> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466865/100/0/thread" - }, - { - "name" : "23651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23651" - }, - { - "name" : "34166", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23651" + }, + { + "name": "20070425 Built2Go_PHP_Link_Portal_v1.79 >> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466865/100/0/thread" + }, + { + "name": "34166", + "refsource": "OSVDB", + "url": "http://osvdb.org/34166" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2288.json b/2007/2xxx/CVE-2007-2288.json index 244784ec177..8b5ed4652e3 100644 --- a/2007/2xxx/CVE-2007-2288.json +++ b/2007/2xxx/CVE-2007-2288.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 :doruk100net >> RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466842/100/0/threaded" - }, - { - "name" : "23675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23675" - }, - { - "name" : "34171", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34171" - }, - { - "name" : "doruk100net-info-file-include(33923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34171", + "refsource": "OSVDB", + "url": "http://osvdb.org/34171" + }, + { + "name": "20070425 :doruk100net >> RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466842/100/0/threaded" + }, + { + "name": "23675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23675" + }, + { + "name": "doruk100net-info-file-include(33923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33923" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2315.json b/2007/2xxx/CVE-2007-2315.json index bc3402619f9..34b3b03933c 100644 --- a/2007/2xxx/CVE-2007-2315.json +++ b/2007/2xxx/CVE-2007-2315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=685448", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=685448" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=109595&release_id=500854", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=109595&release_id=500854" - }, - { - "name" : "ADV-2007-1419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1419" - }, - { - "name" : "24898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=109595&release_id=500854", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=109595&release_id=500854" + }, + { + "name": "ADV-2007-1419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1419" + }, + { + "name": "24898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24898" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=685448", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=685448" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2350.json b/2007/2xxx/CVE-2007-2350.json index d12f448d3cf..6dc442a093f 100644 --- a/2007/2xxx/CVE-2007-2350.json +++ b/2007/2xxx/CVE-2007-2350.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070421 freePBX 2.2.x's Music-on-hold Remote Code Execution Injection", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html" - }, - { - "name" : "ADV-2007-1535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1535" - }, - { - "name" : "35316", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35316" - }, - { - "name" : "24935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24935" - }, - { - "name" : "2652", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070421 freePBX 2.2.x's Music-on-hold Remote Code Execution Injection", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html" + }, + { + "name": "35316", + "refsource": "OSVDB", + "url": "http://osvdb.org/35316" + }, + { + "name": "2652", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2652" + }, + { + "name": "24935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24935" + }, + { + "name": "ADV-2007-1535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1535" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2489.json b/2007/2xxx/CVE-2007-2489.json index 78a01ee676e..e689a8d27b4 100644 --- a/2007/2xxx/CVE-2007-2489.json +++ b/2007/2xxx/CVE-2007-2489.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070502 LiveData Protocol Server Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=523" - }, - { - "name" : "VU#213516", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/213516" - }, - { - "name" : "23773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23773" - }, - { - "name" : "35529", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35529" - }, - { - "name" : "ADV-2007-1633", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1633" - }, - { - "name" : "1017998", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017998" - }, - { - "name" : "25076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25076" - }, - { - "name" : "livedata-wsdl-bo(34031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35529", + "refsource": "OSVDB", + "url": "http://osvdb.org/35529" + }, + { + "name": "23773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23773" + }, + { + "name": "ADV-2007-1633", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1633" + }, + { + "name": "20070502 LiveData Protocol Server Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=523" + }, + { + "name": "VU#213516", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/213516" + }, + { + "name": "livedata-wsdl-bo(34031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34031" + }, + { + "name": "1017998", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017998" + }, + { + "name": "25076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25076" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3568.json b/2007/3xxx/CVE-2007-3568.json index d56b9c20633..12bd2ffe4f3 100644 --- a/2007/3xxx/CVE-2007-3568.json +++ b/2007/3xxx/CVE-2007-3568.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/5WP030UM0W.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5WP030UM0W.html" - }, - { - "name" : "24750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24750" - }, - { - "name" : "39016", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39016" - }, - { - "name" : "1018332", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018332" - }, - { - "name" : "dotclear-redacteur-xss(35325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018332", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018332" + }, + { + "name": "http://www.securiteam.com/unixfocus/5WP030UM0W.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5WP030UM0W.html" + }, + { + "name": "24750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24750" + }, + { + "name": "dotclear-redacteur-xss(35325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35325" + }, + { + "name": "39016", + "refsource": "OSVDB", + "url": "http://osvdb.org/39016" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3621.json b/2007/3xxx/CVE-2007-3621.json index adb68af2008..e8906a94fd4 100644 --- a/2007/3xxx/CVE-2007-3621.json +++ b/2007/3xxx/CVE-2007-3621.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070705 AsteriDex (Asterisk / Trixbox) remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472907/100/0/threaded" - }, - { - "name" : "4151", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4151" - }, - { - "name" : "http://www.hoku.co.uk/advisories/asteridex.txt", - "refsource" : "MISC", - "url" : "http://www.hoku.co.uk/advisories/asteridex.txt" - }, - { - "name" : "http://bestof.nerdvittles.com/applications/asteridex/", - "refsource" : "CONFIRM", - "url" : "http://bestof.nerdvittles.com/applications/asteridex/" - }, - { - "name" : "24781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24781" - }, - { - "name" : "37846", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37846" - }, - { - "name" : "ADV-2007-2446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2446" - }, - { - "name" : "25965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25965" - }, - { - "name" : "2863", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2863" - }, - { - "name" : "asteridex-callboth-command-execution(35270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4151", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4151" + }, + { + "name": "37846", + "refsource": "OSVDB", + "url": "http://osvdb.org/37846" + }, + { + "name": "asteridex-callboth-command-execution(35270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35270" + }, + { + "name": "2863", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2863" + }, + { + "name": "ADV-2007-2446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2446" + }, + { + "name": "http://bestof.nerdvittles.com/applications/asteridex/", + "refsource": "CONFIRM", + "url": "http://bestof.nerdvittles.com/applications/asteridex/" + }, + { + "name": "24781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24781" + }, + { + "name": "20070705 AsteriDex (Asterisk / Trixbox) remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472907/100/0/threaded" + }, + { + "name": "http://www.hoku.co.uk/advisories/asteridex.txt", + "refsource": "MISC", + "url": "http://www.hoku.co.uk/advisories/asteridex.txt" + }, + { + "name": "25965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25965" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3680.json b/2007/3xxx/CVE-2007-3680.json index d9d771820c5..2d6697d1193 100644 --- a/2007/3xxx/CVE-2007-3680.json +++ b/2007/3xxx/CVE-2007-3680.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070709 IBM AIX libodm ODMPATH Stack Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=552" - }, - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" - }, - { - "name" : "IY97632", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY97632" - }, - { - "name" : "24841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24841" - }, - { - "name" : "36760", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36760" - }, - { - "name" : "ADV-2007-2476", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2476" - }, - { - "name" : "1018345", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018345" - }, - { - "name" : "25970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25970" - }, - { - "name" : "aix-libodm-bo(35321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY97632", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY97632" + }, + { + "name": "25970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25970" + }, + { + "name": "aix-libodm-bo(35321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35321" + }, + { + "name": "24841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24841" + }, + { + "name": "1018345", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018345" + }, + { + "name": "36760", + "refsource": "OSVDB", + "url": "http://osvdb.org/36760" + }, + { + "name": "20070709 IBM AIX libodm ODMPATH Stack Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=552" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/README" + }, + { + "name": "ADV-2007-2476", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2476" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3827.json b/2007/3xxx/CVE-2007-3827.json index 5ea061d86a5..e912d04e1e8 100644 --- a/2007/3xxx/CVE-2007-3827.json +++ b/2007/3xxx/CVE-2007-3827.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox allows for cookies to be set with a null domain (aka \"domainless cookies\"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070713 MSIE7 entrapment again (+ FF tidbit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473702/100/0/threaded" - }, - { - "name" : "2892", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox allows for cookies to be set with a null domain (aka \"domainless cookies\"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070713 MSIE7 entrapment again (+ FF tidbit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473702/100/0/threaded" + }, + { + "name": "2892", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2892" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4011.json b/2007/4xxx/CVE-2007-4011.json index 2c9d674b284..7f79d7fe048 100644 --- a/2007/4xxx/CVE-2007-4011.json +++ b/2007/4xxx/CVE-2007-4011.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070724 Wireless ARP Storm Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml" - }, - { - "name" : "25043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25043" - }, - { - "name" : "ADV-2007-2636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2636" - }, - { - "name" : "1018444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018444" - }, - { - "name" : "26161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26161" - }, - { - "name" : "cisco-wlc-arp-dos(35576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2636" + }, + { + "name": "26161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26161" + }, + { + "name": "cisco-wlc-arp-dos(35576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35576" + }, + { + "name": "25043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25043" + }, + { + "name": "1018444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018444" + }, + { + "name": "20070724 Wireless ARP Storm Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4055.json b/2007/4xxx/CVE-2007-4055.json index 12abb6aa3e2..ebe9a539182 100644 --- a/2007/4xxx/CVE-2007-4055.json +++ b/2007/4xxx/CVE-2007-4055.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this may be related to CVE-2006-4300." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4239", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4239" - }, - { - "name" : "25123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25123" - }, - { - "name" : "ADV-2007-2694", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2694" - }, - { - "name" : "37268", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37268" - }, - { - "name" : "simpleblog-commentsget-sql-injection(35677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this may be related to CVE-2006-4300." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4239", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4239" + }, + { + "name": "25123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25123" + }, + { + "name": "ADV-2007-2694", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2694" + }, + { + "name": "simpleblog-commentsget-sql-injection(35677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35677" + }, + { + "name": "37268", + "refsource": "OSVDB", + "url": "http://osvdb.org/37268" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6015.json b/2007/6xxx/CVE-2007-6015.json index 6b1d25a2884..f5fe05a6562 100644 --- a/2007/6xxx/CVE-2007-6015.json +++ b/2007/6xxx/CVE-2007-6015.json @@ -1,352 +1,352 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-6015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071210 Secunia Research: Samba \"send_mailslot()\" Buffer OverflowVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484818/100/0/threaded" - }, - { - "name" : "20071210 [SECURITY] Buffer overrun in send_mailslot()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484825/100/0/threaded" - }, - { - "name" : "20071210 rPSA-2007-0261-1 samba samba-swat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484827/100/0/threaded" - }, - { - "name" : "20071214 POC for samba send_mailslot()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485144/100/0/threaded" - }, - { - "name" : "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488457/100/0/threaded" - }, - { - "name" : "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" - }, - { - "name" : "http://secunia.com/secunia_research/2007-99/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-99/advisory/" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2007-6015.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2007-6015.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=200773", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=200773" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1976", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1976" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307430", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307430" - }, - { - "name" : "APPLE-SA-2008-02-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" - }, - { - "name" : "DSA-1427", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1427" - }, - { - "name" : "FEDORA-2007-4269", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html" - }, - { - "name" : "FEDORA-2007-4275", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html" - }, - { - "name" : "GLSA-200712-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-10.xml" - }, - { - "name" : "HPSBUX02316", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120524782005154&w=2" - }, - { - "name" : "SSRT071495", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120524782005154&w=2" - }, - { - "name" : "HPSBUX02341", - "refsource" : "HP", - "url" : "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" - }, - { - "name" : "SSRT080075", - "refsource" : "HP", - "url" : "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" - }, - { - "name" : "MDKSA-2007:244", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244" - }, - { - "name" : "RHSA-2007:1114", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1114.html" - }, - { - "name" : "RHSA-2007:1117", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1117.html" - }, - { - "name" : "SSA:2007-344-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554" - }, - { - "name" : "238251", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1" - }, - { - "name" : "1019295", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1" - }, - { - "name" : "SUSE-SA:2007:068", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_68_samba.html" - }, - { - "name" : "USN-556-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-556-1" - }, - { - "name" : "TA08-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" - }, - { - "name" : "VU#438395", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/438395" - }, - { - "name" : "26791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26791" - }, - { - "name" : "oval:org.mitre.oval:def:5605", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605" - }, - { - "name" : "oval:org.mitre.oval:def:11572", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572" - }, - { - "name" : "ADV-2007-4153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4153" - }, - { - "name" : "ADV-2008-0495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0495/references" - }, - { - "name" : "ADV-2008-0637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0637" - }, - { - "name" : "ADV-2008-0859", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0859/references" - }, - { - "name" : "ADV-2008-1712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1712/references" - }, - { - "name" : "ADV-2008-1908", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1908" - }, - { - "name" : "1019065", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019065" - }, - { - "name" : "27760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27760" - }, - { - "name" : "27894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27894" - }, - { - "name" : "27977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27977" - }, - { - "name" : "27993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27993" - }, - { - "name" : "27999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27999" - }, - { - "name" : "28003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28003" - }, - { - "name" : "28028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28028" - }, - { - "name" : "28029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28029" - }, - { - "name" : "28067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28067" - }, - { - "name" : "28089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28089" - }, - { - "name" : "28037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28037" - }, - { - "name" : "28891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28891" - }, - { - "name" : "29032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29032" - }, - { - "name" : "29341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29341" - }, - { - "name" : "30484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30484" - }, - { - "name" : "30835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30835" - }, - { - "name" : "3438", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3438" - }, - { - "name" : "samba-sendmailslot-bo(38965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:1117", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307430", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307430" + }, + { + "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html" + }, + { + "name": "28891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28891" + }, + { + "name": "1019295", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1" + }, + { + "name": "30835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30835" + }, + { + "name": "29341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29341" + }, + { + "name": "HPSBUX02316", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120524782005154&w=2" + }, + { + "name": "VU#438395", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/438395" + }, + { + "name": "26791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26791" + }, + { + "name": "238251", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1" + }, + { + "name": "SUSE-SA:2007:068", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html" + }, + { + "name": "USN-556-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-556-1" + }, + { + "name": "ADV-2008-1908", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1908" + }, + { + "name": "ADV-2008-0495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0495/references" + }, + { + "name": "SSRT071495", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120524782005154&w=2" + }, + { + "name": "HPSBUX02341", + "refsource": "HP", + "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" + }, + { + "name": "27999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27999" + }, + { + "name": "20071214 POC for samba send_mailslot()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded" + }, + { + "name": "30484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30484" + }, + { + "name": "29032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29032" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2007-6015.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2007-6015.html" + }, + { + "name": "27993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27993" + }, + { + "name": "samba-sendmailslot-bo(38965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965" + }, + { + "name": "DSA-1427", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1427" + }, + { + "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded" + }, + { + "name": "MDKSA-2007:244", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244" + }, + { + "name": "SSRT080075", + "refsource": "HP", + "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=200773", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773" + }, + { + "name": "20071210 Secunia Research: Samba \"send_mailslot()\" Buffer OverflowVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded" + }, + { + "name": "1019065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019065" + }, + { + "name": "27977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27977" + }, + { + "name": "ADV-2008-0637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0637" + }, + { + "name": "28029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28029" + }, + { + "name": "ADV-2007-4153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4153" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm" + }, + { + "name": "28089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28089" + }, + { + "name": "28003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28003" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1976", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1976" + }, + { + "name": "TA08-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" + }, + { + "name": "RHSA-2007:1114", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html" + }, + { + "name": "3438", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3438" + }, + { + "name": "SSA:2007-344-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554" + }, + { + "name": "FEDORA-2007-4269", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html" + }, + { + "name": "FEDORA-2007-4275", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html" + }, + { + "name": "27894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27894" + }, + { + "name": "APPLE-SA-2008-02-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" + }, + { + "name": "27760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27760" + }, + { + "name": "ADV-2008-1712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1712/references" + }, + { + "name": "http://secunia.com/secunia_research/2007-99/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-99/advisory/" + }, + { + "name": "28067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28067" + }, + { + "name": "28037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28037" + }, + { + "name": "ADV-2008-0859", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0859/references" + }, + { + "name": "20071210 [SECURITY] Buffer overrun in send_mailslot()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded" + }, + { + "name": "20071210 rPSA-2007-0261-1 samba samba-swat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:11572", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572" + }, + { + "name": "28028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28028" + }, + { + "name": "oval:org.mitre.oval:def:5605", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605" + }, + { + "name": "GLSA-200712-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6136.json b/2007/6xxx/CVE-2007-6136.json index b428a9142c6..26012800130 100644 --- a/2007/6xxx/CVE-2007-6136.json +++ b/2007/6xxx/CVE-2007-6136.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071122 MySpace Scripts - Poll Creator JavaScript Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484073/100/0/threaded" - }, - { - "name" : "26544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26544" - }, - { - "name" : "38800", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38800" - }, - { - "name" : "27778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27778" - }, - { - "name" : "myspace-scripts-poll-index-xss(38633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071122 MySpace Scripts - Poll Creator JavaScript Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484073/100/0/threaded" + }, + { + "name": "38800", + "refsource": "OSVDB", + "url": "http://osvdb.org/38800" + }, + { + "name": "myspace-scripts-poll-index-xss(38633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38633" + }, + { + "name": "26544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26544" + }, + { + "name": "27778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27778" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6761.json b/2007/6xxx/CVE-2007-6761.json index c601fd2b9dc..f6ae4e290e7 100644 --- a/2007/6xxx/CVE-2007-6761.json +++ b/2007/6xxx/CVE-2007-6761.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340" - }, - { - "name" : "http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24", - "refsource" : "CONFIRM", - "url" : "http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b29669c065f60501e7289e1950fa2a618962358", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b29669c065f60501e7289e1950fa2a618962358" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0b29669c065f60501e7289e1950fa2a618962358", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0b29669c065f60501e7289e1950fa2a618962358" - }, - { - "name" : "98001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/0b29669c065f60501e7289e1950fa2a618962358", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0b29669c065f60501e7289e1950fa2a618962358" + }, + { + "name": "http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24", + "refsource": "CONFIRM", + "url": "http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b29669c065f60501e7289e1950fa2a618962358", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b29669c065f60501e7289e1950fa2a618962358" + }, + { + "name": "98001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98001" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1261.json b/2010/1xxx/CVE-2010-1261.json index 306e52fa0dd..a996106c908 100644 --- a/2010/1xxx/CVE-2010-1261.json +++ b/2010/1xxx/CVE-2010-1261.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100089747", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100089747" - }, - { - "name" : "MS10-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "65214", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65214" - }, - { - "name" : "oval:org.mitre.oval:def:7124", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100089747", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100089747" + }, + { + "name": "oval:org.mitre.oval:def:7124", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7124" + }, + { + "name": "65214", + "refsource": "OSVDB", + "url": "http://osvdb.org/65214" + }, + { + "name": "MS10-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1572.json b/2010/1xxx/CVE-2010-1572.json index b0ca84cba88..0d087cf1697 100644 --- a/2010/1xxx/CVE-2010-1572.json +++ b/2010/1xxx/CVE-2010-1572.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-1572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100609 Cisco Application Extension Platform Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml" - }, - { - "name" : "40682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40682" - }, - { - "name" : "cisco-aep-shell-privilege-escalation(59271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-aep-shell-privilege-escalation(59271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59271" + }, + { + "name": "20100609 Cisco Application Extension Platform Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml" + }, + { + "name": "40682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40682" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1839.json b/2010/1xxx/CVE-2010-1839.json index 1029a1eaf17..fae13ad3b63 100644 --- a/2010/1xxx/CVE-2010-1839.json +++ b/2010/1xxx/CVE-2010-1839.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1839", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1839", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5087.json b/2010/5xxx/CVE-2010-5087.json index 23c7d0e0318..87f6099367a 100644 --- a/2010/5xxx/CVE-2010-5087.json +++ b/2010/5xxx/CVE-2010-5087.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to \"form action requests\" using a controller." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110104 CVE request: silverstripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/03/12" - }, - { - "name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1" - }, - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/01/3" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4" - }, - { - "name" : "http://open.silverstripe.org/changeset/115182", - "refsource" : "CONFIRM", - "url" : "http://open.silverstripe.org/changeset/115182" - }, - { - "name" : "http://open.silverstripe.org/changeset/115185", - "refsource" : "CONFIRM", - "url" : "http://open.silverstripe.org/changeset/115185" - }, - { - "name" : "42346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to \"form action requests\" using a controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10" + }, + { + "name": "http://open.silverstripe.org/changeset/115182", + "refsource": "CONFIRM", + "url": "http://open.silverstripe.org/changeset/115182" + }, + { + "name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/01/3" + }, + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4" + }, + { + "name": "42346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42346" + }, + { + "name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/1" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + }, + { + "name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/03/12" + }, + { + "name": "http://open.silverstripe.org/changeset/115185", + "refsource": "CONFIRM", + "url": "http://open.silverstripe.org/changeset/115185" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5197.json b/2010/5xxx/CVE-2010-5197.json index 6633192e4a7..2cf29e1ad79 100644 --- a/2010/5xxx/CVE-2010-5197.json +++ b/2010/5xxx/CVE-2010-5197.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Pixia 4.70j allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pxa file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/" - }, - { - "name" : "41176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Pixia 4.70j allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pxa file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41176" + }, + { + "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5239.json b/2010/5xxx/CVE-2010-5239.json index 40c50dda497..9f0120c4cda 100644 --- a/2010/5xxx/CVE-2010-5239.json +++ b/2010/5xxx/CVE-2010-5239.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14791", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14791/" - }, - { - "name" : "41146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41146" + }, + { + "name": "14791", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14791/" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0077.json b/2014/0xxx/CVE-2014-0077.json index add412bed10..3ed126b358f 100644 --- a/2014/0xxx/CVE-2014-0077.json +++ b/2014/0xxx/CVE-2014-0077.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064440", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064440" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0" - }, - { - "name" : "66678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66678" - }, - { - "name" : "59599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59599" - }, - { - "name" : "59386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66678" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064440", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064440" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10" + }, + { + "name": "https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0" + }, + { + "name": "59386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59386" + }, + { + "name": "59599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59599" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0294.json b/2014/0xxx/CVE-2014-0294.json index 65d4b4e051b..8393857dc2f 100644 --- a/2014/0xxx/CVE-2014-0294.json +++ b/2014/0xxx/CVE-2014-0294.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka \"RCE Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-008" - }, - { - "name" : "65397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65397" - }, - { - "name" : "103161", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103161" - }, - { - "name" : "1029744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029744" - }, - { - "name" : "56788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka \"RCE Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103161", + "refsource": "OSVDB", + "url": "http://osvdb.org/103161" + }, + { + "name": "65397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65397" + }, + { + "name": "MS14-008", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-008" + }, + { + "name": "1029744", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029744" + }, + { + "name": "56788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56788" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1417.json b/2014/1xxx/CVE-2014-1417.json index e028225fa48..a98afb4be5f 100644 --- a/2014/1xxx/CVE-2014-1417.json +++ b/2014/1xxx/CVE-2014-1417.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1417", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1417", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1966.json b/2014/1xxx/CVE-2014-1966.json index 6b4263505be..9adefe754b2 100644 --- a/2014/1xxx/CVE-2014-1966.json +++ b/2014/1xxx/CVE-2014-1966.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5570.json b/2014/5xxx/CVE-2014-5570.json index e5e7cfb057f..0841611f6fe 100644 --- a/2014/5xxx/CVE-2014-5570.json +++ b/2014/5xxx/CVE-2014-5570.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#812177", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/812177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#812177", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/812177" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2326.json b/2015/2xxx/CVE-2015-2326.json index 1e70054ed9f..4bf1e179c79 100644 --- a/2015/2xxx/CVE-2015-2326.json +++ b/2015/2xxx/CVE-2015-2326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2775.json b/2015/2xxx/CVE-2015-2775.json index 83b00e5895f..5979748c05d 100644 --- a/2015/2xxx/CVE-2015-2775.json +++ b/2015/2xxx/CVE-2015-2775.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Mailman-Developers] 20150327 Security patch and Mailman 2.1.20 to be released on 31 March", - "refsource" : "MLIST", - "url" : "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" - }, - { - "name" : "[Mailman-Developers] 20150331 Security patch and Mailman 2.1.20 to be released on 31 March", - "refsource" : "MLIST", - "url" : "https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" - }, - { - "name" : "[Mailman-Announce] 20150327 Mailman 2.1.20 release", - "refsource" : "MLIST", - "url" : "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" - }, - { - "name" : "https://bugs.launchpad.net/mailman/+bug/1437145", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/mailman/+bug/1437145" - }, - { - "name" : "DSA-3214", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3214" - }, - { - "name" : "FEDORA-2015-5216", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" - }, - { - "name" : "FEDORA-2015-5333", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" - }, - { - "name" : "RHSA-2015:1153", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1153.html" - }, - { - "name" : "RHSA-2015:1417", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1417.html" - }, - { - "name" : "USN-2558-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2558-1" - }, - { - "name" : "73922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73922" - }, - { - "name" : "1032033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mailman/+bug/1437145", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/mailman/+bug/1437145" + }, + { + "name": "DSA-3214", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3214" + }, + { + "name": "RHSA-2015:1153", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1153.html" + }, + { + "name": "RHSA-2015:1417", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" + }, + { + "name": "FEDORA-2015-5333", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" + }, + { + "name": "USN-2558-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2558-1" + }, + { + "name": "FEDORA-2015-5216", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" + }, + { + "name": "[Mailman-Developers] 20150327 Security patch and Mailman 2.1.20 to be released on 31 March", + "refsource": "MLIST", + "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" + }, + { + "name": "[Mailman-Announce] 20150327 Mailman 2.1.20 release", + "refsource": "MLIST", + "url": "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" + }, + { + "name": "[Mailman-Developers] 20150331 Security patch and Mailman 2.1.20 to be released on 31 March", + "refsource": "MLIST", + "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" + }, + { + "name": "1032033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032033" + }, + { + "name": "73922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73922" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2989.json b/2015/2xxx/CVE-2015-2989.json index fcdea3b3cfd..12b66d6e782 100644 --- a/2015/2xxx/CVE-2015-2989.json +++ b/2015/2xxx/CVE-2015-2989.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#77193915", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN77193915/index.html" - }, - { - "name" : "JVNDB-2015-000121", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000121", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000121" + }, + { + "name": "JVN#77193915", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN77193915/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10173.json b/2016/10xxx/CVE-2016-10173.json index bce29c4c8d4..a327bc374d1 100644 --- a/2016/10xxx/CVE-2016-10173.json +++ b/2016/10xxx/CVE-2016-10173.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170124 CVE request: rubygem minitar: directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/24/7" - }, - { - "name" : "[oss-security] 20170129 Re: CVE request: rubygem minitar: directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/29/1" - }, - { - "name" : "https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4", - "refsource" : "CONFIRM", - "url" : "https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4" - }, - { - "name" : "https://github.com/halostatue/minitar/issues/16", - "refsource" : "CONFIRM", - "url" : "https://github.com/halostatue/minitar/issues/16" - }, - { - "name" : "https://puppet.com/security/cve/cve-2016-10173", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2016-10173" - }, - { - "name" : "DSA-3778", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3778" - }, - { - "name" : "GLSA-201702-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-32" - }, - { - "name" : "95874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170124 CVE request: rubygem minitar: directory traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/24/7" + }, + { + "name": "GLSA-201702-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-32" + }, + { + "name": "95874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95874" + }, + { + "name": "https://github.com/halostatue/minitar/issues/16", + "refsource": "CONFIRM", + "url": "https://github.com/halostatue/minitar/issues/16" + }, + { + "name": "[oss-security] 20170129 Re: CVE request: rubygem minitar: directory traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/29/1" + }, + { + "name": "DSA-3778", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3778" + }, + { + "name": "https://puppet.com/security/cve/cve-2016-10173", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2016-10173" + }, + { + "name": "https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4", + "refsource": "CONFIRM", + "url": "https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10478.json b/2016/10xxx/CVE-2016-10478.json index a1993916d6c..8b8a21e2f46 100644 --- a/2016/10xxx/CVE-2016-10478.json +++ b/2016/10xxx/CVE-2016-10478.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 617" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 617, incorrect size calculation in QCRIL SCWS processing have Integer overflow which will lead to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Cverflow in RIL" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 617" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 617, incorrect size calculation in QCRIL SCWS processing have Integer overflow which will lead to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Cverflow in RIL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3096.json b/2016/3xxx/CVE-2016-3096.json index 97128d90cf1..281e6714266 100644 --- a/2016/3xxx/CVE-2016-3096.json +++ b/2016/3xxx/CVE-2016-3096.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ansible-announce] 20160415 Ansible 1.9.6-1 has been released", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig" - }, - { - "name" : "[ansible-announce] 20160419 Ansible 2.0.2.0 has been released", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1322925", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1322925" - }, - { - "name" : "https://github.com/ansible/ansible-modules-extras/pull/1941", - "refsource" : "CONFIRM", - "url" : "https://github.com/ansible/ansible-modules-extras/pull/1941" - }, - { - "name" : "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4", - "refsource" : "CONFIRM", - "url" : "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4" - }, - { - "name" : "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd", - "refsource" : "CONFIRM", - "url" : "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd" - }, - { - "name" : "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away", - "refsource" : "CONFIRM", - "url" : "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away" - }, - { - "name" : "FEDORA-2016-28ff51a3f5", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html" - }, - { - "name" : "FEDORA-2016-65519440f5", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html" - }, - { - "name" : "FEDORA-2016-679c4ddd3c", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html" - }, - { - "name" : "FEDORA-2016-ab154c56dd", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html" - }, - { - "name" : "FEDORA-2016-cd3cf8e7d0", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html" - }, - { - "name" : "GLSA-201607-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925" + }, + { + "name": "FEDORA-2016-cd3cf8e7d0", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html" + }, + { + "name": "FEDORA-2016-ab154c56dd", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html" + }, + { + "name": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4", + "refsource": "CONFIRM", + "url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4" + }, + { + "name": "FEDORA-2016-679c4ddd3c", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html" + }, + { + "name": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away", + "refsource": "CONFIRM", + "url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away" + }, + { + "name": "FEDORA-2016-65519440f5", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html" + }, + { + "name": "FEDORA-2016-28ff51a3f5", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html" + }, + { + "name": "[ansible-announce] 20160415 Ansible 1.9.6-1 has been released", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig" + }, + { + "name": "GLSA-201607-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-14" + }, + { + "name": "[ansible-announce] 20160419 Ansible 2.0.2.0 has been released", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0" + }, + { + "name": "https://github.com/ansible/ansible-modules-extras/pull/1941", + "refsource": "CONFIRM", + "url": "https://github.com/ansible/ansible-modules-extras/pull/1941" + }, + { + "name": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd", + "refsource": "CONFIRM", + "url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4675.json b/2016/4xxx/CVE-2016-4675.json index ccd5f583499..f2780faa0cc 100644 --- a/2016/4xxx/CVE-2016-4675.json +++ b/2016/4xxx/CVE-2016-4675.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"libxpc\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207269", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207269" - }, - { - "name" : "https://support.apple.com/HT207270", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207270" - }, - { - "name" : "https://support.apple.com/HT207271", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207271" - }, - { - "name" : "https://support.apple.com/HT207275", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207275" - }, - { - "name" : "93849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93849" - }, - { - "name" : "1037086", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"libxpc\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207271", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207271" + }, + { + "name": "1037086", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037086" + }, + { + "name": "93849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93849" + }, + { + "name": "https://support.apple.com/HT207269", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207269" + }, + { + "name": "https://support.apple.com/HT207270", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207270" + }, + { + "name": "https://support.apple.com/HT207275", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207275" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4832.json b/2016/4xxx/CVE-2016-4832.json index 4a30b1c9f19..8b9e6792f58 100644 --- a/2016/4xxx/CVE-2016-4832.json +++ b/2016/4xxx/CVE-2016-4832.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WAON \"Service Application\" for Android 1.4.1 and earlier does not verify SSL certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#68364327", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN68364327/index.html" - }, - { - "name" : "JVNDB-2016-000124", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000124.html" - }, - { - "name" : "91789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WAON \"Service Application\" for Android 1.4.1 and earlier does not verify SSL certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000124", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000124.html" + }, + { + "name": "91789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91789" + }, + { + "name": "JVN#68364327", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN68364327/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4855.json b/2016/4xxx/CVE-2016-4855.json index d37405456b8..1665052c307 100644 --- a/2016/4xxx/CVE-2016-4855.json +++ b/2016/4xxx/CVE-2016-4855.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-4855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ADOdb", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 5.20.6" - } - ] - } - } - ] - }, - "vendor_name" : "ADOdb" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ADOdb", + "version": { + "version_data": [ + { + "version_value": "versions prior to 5.20.6" + } + ] + } + } + ] + }, + "vendor_name": "ADOdb" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ADOdb/ADOdb/issues/274", - "refsource" : "CONFIRM", - "url" : "https://github.com/ADOdb/ADOdb/issues/274" - }, - { - "name" : "GLSA-201701-59", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-59" - }, - { - "name" : "JVN#48237713", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48237713/index.html" - }, - { - "name" : "92753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ADOdb/ADOdb/issues/274", + "refsource": "CONFIRM", + "url": "https://github.com/ADOdb/ADOdb/issues/274" + }, + { + "name": "92753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92753" + }, + { + "name": "GLSA-201701-59", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-59" + }, + { + "name": "JVN#48237713", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48237713/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8433.json b/2016/8xxx/CVE-2016-8433.json index 532e1324e61..6fbb15e56c5 100644 --- a/2016/8xxx/CVE-2016-8433.json +++ b/2016/8xxx/CVE-2016-8433.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95253" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8675.json b/2016/8xxx/CVE-2016-8675.json index 1438ecc809a..3f9d59c5293 100644 --- a/2016/8xxx/CVE-2016-8675.json +++ b/2016/8xxx/CVE-2016-8675.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161015 Re: libav: null pointer dereference in get_vlc2 (get_bits.h)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/13" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/" - }, - { - "name" : "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860", - "refsource" : "CONFIRM", - "url" : "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860" - }, - { - "name" : "93468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/" + }, + { + "name": "93468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93468" + }, + { + "name": "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860", + "refsource": "CONFIRM", + "url": "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860" + }, + { + "name": "[oss-security] 20161015 Re: libav: null pointer dereference in get_vlc2 (get_bits.h)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/13" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9077.json b/2016/9xxx/CVE-2016-9077.json index d260cd6843a..cd465e4f4f4 100644 --- a/2016/9xxx/CVE-2016-9077.json +++ b/2016/9xxx/CVE-2016-9077.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Canvas allows the use of the \"feDisplacementMap\" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1298552", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1298552" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Canvas allows the use of the \"feDisplacementMap\" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1298552", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1298552" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9209.json b/2016/9xxx/CVE-2016-9209.json index fa0af8811e2..7f53bcb95c7 100644 --- a/2016/9xxx/CVE-2016-9209.json +++ b/2016/9xxx/CVE-2016-9209.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco FirePOWER", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco FirePOWER" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco FirePOWER", + "version": { + "version_data": [ + { + "version_value": "Cisco FirePOWER" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr" - }, - { - "name" : "94817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr" + }, + { + "name": "94817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94817" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9380.json b/2016/9xxx/CVE-2016-9380.json index 169141db028..1a0fab60ec0 100644 --- a/2016/9xxx/CVE-2016-9380.json +++ b/2016/9xxx/CVE-2016-9380.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-198.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-198.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa198.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa198.patch" - }, - { - "name" : "https://support.citrix.com/article/CTX218775", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX218775" - }, - { - "name" : "GLSA-201612-56", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-56" - }, - { - "name" : "94473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94473" - }, - { - "name" : "1037347", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/xsa198.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa198.patch" + }, + { + "name": "94473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94473" + }, + { + "name": "GLSA-201612-56", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-56" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-198.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-198.html" + }, + { + "name": "1037347", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037347" + }, + { + "name": "https://support.citrix.com/article/CTX218775", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX218775" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9649.json b/2016/9xxx/CVE-2016-9649.json index bba6811c8f2..3866d090185 100644 --- a/2016/9xxx/CVE-2016-9649.json +++ b/2016/9xxx/CVE-2016-9649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9649", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9649", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9677.json b/2016/9xxx/CVE-2016-9677.json index f00bd8dd8be..b74970ddeda 100644 --- a/2016/9xxx/CVE-2016-9677.json +++ b/2016/9xxx/CVE-2016-9677.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX219580", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX219580" - }, - { - "name" : "95620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95620" - }, - { - "name" : "1037625", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX219580", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX219580" + }, + { + "name": "95620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95620" + }, + { + "name": "1037625", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037625" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2009.json b/2019/2xxx/CVE-2019-2009.json index 4cc679e8cd5..168cbe07899 100644 --- a/2019/2xxx/CVE-2019-2009.json +++ b/2019/2xxx/CVE-2019-2009.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2207.json b/2019/2xxx/CVE-2019-2207.json index 7fb5377820f..d676dbea26f 100644 --- a/2019/2xxx/CVE-2019-2207.json +++ b/2019/2xxx/CVE-2019-2207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2501.json b/2019/2xxx/CVE-2019-2501.json index edd7dadff5a..1f28d7d27e5 100644 --- a/2019/2xxx/CVE-2019-2501.json +++ b/2019/2xxx/CVE-2019-2501.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.24" - }, - { - "version_affected" : "<", - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.24" + }, + { + "version_affected": "<", + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106568" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2581.json b/2019/2xxx/CVE-2019-2581.json index b4e775a810f..00ae171b3a4 100644 --- a/2019/2xxx/CVE-2019-2581.json +++ b/2019/2xxx/CVE-2019-2581.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3073.json b/2019/3xxx/CVE-2019-3073.json index 9875ca25820..9d3679ab0bd 100644 --- a/2019/3xxx/CVE-2019-3073.json +++ b/2019/3xxx/CVE-2019-3073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6037.json b/2019/6xxx/CVE-2019-6037.json index e13b9b86cf5..e82180718b5 100644 --- a/2019/6xxx/CVE-2019-6037.json +++ b/2019/6xxx/CVE-2019-6037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6102.json b/2019/6xxx/CVE-2019-6102.json index 8bfbe3e9476..9add9618df3 100644 --- a/2019/6xxx/CVE-2019-6102.json +++ b/2019/6xxx/CVE-2019-6102.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6102", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6102", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6845.json b/2019/6xxx/CVE-2019-6845.json index 4d0250db468..cc5efac2233 100644 --- a/2019/6xxx/CVE-2019-6845.json +++ b/2019/6xxx/CVE-2019-6845.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6845", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6845", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6889.json b/2019/6xxx/CVE-2019-6889.json index 8c69d7a9ad8..7444218a0cb 100644 --- a/2019/6xxx/CVE-2019-6889.json +++ b/2019/6xxx/CVE-2019-6889.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6889", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6889", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7477.json b/2019/7xxx/CVE-2019-7477.json index d832e430f72..2fdbe953e43 100644 --- a/2019/7xxx/CVE-2019-7477.json +++ b/2019/7xxx/CVE-2019-7477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7477", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7477", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7478.json b/2019/7xxx/CVE-2019-7478.json index 3ad0bac1952..3af881b5bf6 100644 --- a/2019/7xxx/CVE-2019-7478.json +++ b/2019/7xxx/CVE-2019-7478.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7693.json b/2019/7xxx/CVE-2019-7693.json index 325ffa30d16..410f446a5cd 100644 --- a/2019/7xxx/CVE-2019-7693.json +++ b/2019/7xxx/CVE-2019-7693.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports \"Sissi in Rete (con server)\" for offline operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf", - "refsource" : "MISC", - "url" : "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf" - }, - { - "name" : "https://pastebin.com/raw/nQ648Dif", - "refsource" : "MISC", - "url" : "https://pastebin.com/raw/nQ648Dif" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports \"Sissi in Rete (con server)\" for offline operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/raw/nQ648Dif", + "refsource": "MISC", + "url": "https://pastebin.com/raw/nQ648Dif" + }, + { + "name": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf", + "refsource": "MISC", + "url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7721.json b/2019/7xxx/CVE-2019-7721.json index e6e3411c920..43af87a7e23 100644 --- a/2019/7xxx/CVE-2019-7721.json +++ b/2019/7xxx/CVE-2019-7721.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gnat/nc-cms/issues/14", - "refsource" : "MISC", - "url" : "https://github.com/gnat/nc-cms/issues/14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gnat/nc-cms/issues/14", + "refsource": "MISC", + "url": "https://github.com/gnat/nc-cms/issues/14" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7750.json b/2019/7xxx/CVE-2019-7750.json index 32d713ad04a..236d138fb17 100644 --- a/2019/7xxx/CVE-2019-7750.json +++ b/2019/7xxx/CVE-2019-7750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7750", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7750", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file